Easier investigation search

If you’d like to reference a past investigation, we’ve made it easier to do so. We’ve updated the long 30+ character syntax with short names. To find an investigation, go to the Activity page and search using the new short name.


Investigation short names
It’s supercalifragilisticexpialidocious … now that we have short names for investigations. We’ve updated investigation GUIDs with short names since the unique identifier for investigations was their 30+ character syntax, making it nearly impossible to remember and difficult to reference an investigation.

You can use the short names to search for an investigation and to add an alert to the investigation from the Alerts page. Reach out to your Engagement Manager to learn more about how the short names work.

Remediation actions spring cleaning
We did some tidying up on our remediation actions. Our list of completed updates include:

  • Styling adjustments to certain input labels, buttons, and spacing areas;
  • We’ve fixed the instructional text on the mitigate vulnerability remediation action;
  • Domains identified as harmful are no longer clickable when using the Block command-and-control communications remediation action;
  • We’ve improved our validation messaging to make it easier to understand which fields are required

Other enhancements

  • We noticed that when incidents don’t have an assigned threat type, they wouldn’t appear in the incident count on the Situation Report dashboard – making it difficult to make sense of some of the numbers. We’ve added an Uncategorized metric to the chart, so the numbers add up and they accurately represent what’s happened in your environment.
  • We’ve improved the styling to markdown tables in the Findings.
  • Investigation and incident related notifications would often provide Expel alert context with mislabeled vendor device context, so we’ve fixed this issue.
  • Now, when an analyst launches an investigative action, the investigative action will communicate if there were no results and automatically close itself.
  • Unhealthy Assemblers now display the VPN IP to help with the troubleshooting process.
  • Now you see me; now you don’t. We realized several device health Slack notifications only required work on our end. Since these notifications don’t provide you with any actionable steps, we’ll no longer send them.
  • We’ve added toast messages to Workbench that will notify you when the status of an alert changes and when a job has finished running. These improvements will help you maintain visibility on things happening in Workbench without requiring you to navigate or refresh pages manually.

Other fixes (and a few odds and ends)

  • We’ve fixed Alert grid rendering issues.
  • The “Block known bad hashes” remediation action would not correctly return device names in some instances. This issue has been fixed.
  • We fixed styling issues within our Change password and Reset Google Authenticator modals.
  • When users opened certain modals in Workbench, the page would shift upward and tabs would disappear in some cases. We’ve fixed this issue.
  • Instead of displaying the Closed reason, closed investigations would display the Last action status. We’ve fixed this behavior.
  • We’ve made styling adjustments to our vendor logos in the Add Security Device modal.
  • We’ve made improvements to the Add user workflow that enables you to make a user assignable when you create them.
  • Alakazam! The Complete action on remediation actions disappeared, so we did some magic to bring it back.
  • We fixed an issue that caused a poor user experience when interacting with the Evidence Dump modal inside the Alert Detail modal.
  • We’ve updated the field validation messages to provide more meaningful context when creating a remediation action.
  • Completed remediation actions will now display a Completed tag rather than the previously shown Closed tag.
  • In the Investigation/Alert CSV Export, we noticed an offset that caused data to shift two columns to the right.
  • After uploading a file to the initial lead of a manual investigation, we noticed the file would be deleted after refreshing the page, so we fixed this issue.
  • Remediation actions seemed to have lost their default assignee, so our team reunited the two.
  • The Alerts classic page was experiencing odd scrolling issues. We figured out the reason and fixed the issue.